Prerequisites

To follow this course, installing recent versions of Zeek and Spicy is required (at least zeek-6.0 and spicy-1.8). The Zeek documentation shows the different ways Zeek can be installed.

In addition we require:

a text editor to write Spicy code
a C++ compiler to compile Spicy code and Zeek plugins
CMake for developing Zeek plugins with Spicy
development headers for libpcap to compile Zeek plugins

Docker images

The Zeek project provides Docker images.

A simplified approach for experimentation is to use the Zeek playground repository which offers an environment integrated with Visual Studio Code. Either clone the project and open it locally in Visual Studio Code and install the recommended plugins, or open it directly in a Github Codespace from the Github repository view.

Introduction to Spicy

Prerequisites

Docker images

Zeek playground